The present invention relates to a computer-based security system.
Keyboard input tracking programs exist today which are capable or recording and reproducing everything that is input to a computer system via a keyboard. Initially, such programs were developed as a way of protecting data integrity and as tools for solving a variety of problems. For example, when the operation of a computer system is suddenly interrupted as a result of a glitch or a power interruption, the inputted keystrokes logged by a keyboard tracking program have been used to restored unsaved data. Another way such programs have been used is to effect repairs to a computer system through remote access, e.g., through observing the operation and input provided via a keyboard to a computer in real-time.
Unfortunately however, these programs have been utilized by hackers to gain unauthorized access to secure information. The misuse of such information has been detrimental to both businesses and individuals. Spyware is a term broadly describing programs that tend to install themselves automatically on a user computer system via online advertisements and e-mail messages. Spyware includes programs which capture a user's personal information, generate unwanted pop-up advertisements, redirect web page requests, and generally make computers sluggish. Keystroke logging, or keylogging, is a very dangerous form of spyware. Keystrokes, including credit card numbers and passwords used for online banking, can be recorded surreptitiously and used to gain unauthorized access to personal user data. It is unknown how many people have been victims of keystroke logging, but many security experts agree that it has become a big part of a growing problem of online fraud. Such fraud hinders the further growth of the Internet for providing personal and financial services to individuals and businesses.
Many businesses including financial institutions have websites that require a password and encrypted transmission to protect individual account information from becoming known. Unfortunately, the use of a password and encryption alone do not address keystroke logging. Keystroke logging continues to be a threat to such systems because it copies information while being input to a keyboard before it is encrypted for transmission. Thus, a password entered on a keyboard is subject to capture by the remote keystroke logging program, transmitted to an unauthorized person, and used by that person, despite the protections afforded by the encrypted transmission between user computer and the website.
Consequently, a system and method are needed to protect systems from the threat of illicit copying of passwords and other sensitive information, such as through keystroke logging programs.